Sun Shadow 1.7.1

Sun Shadow 1.7.1
(Trojan.Win32.Scar.aayp)
(Backdoor.Win32.Shadow.n for SunShadow.exe)

by yzkzero

Released in December 2005





Server:
dropped files:
c:\WINDOWS\MoonShadowHook.dat             Size: 60 bytes 
c:\WINDOWS\system32\MoonShadow.dll        Size: 380,616 bytes 
c:\WINDOWS\system32\MoonShadow.exe        Size: 495,616 bytes 
c:\WINDOWS\system32\MoonShadowHook.dll    Size: 61,440 bytes 

added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
new data: Explorer.exe MoonShadow.exe 


HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List "2046:TCP"
data: 2046:TCP:*:Enabled 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List "2046:TCP"
data: 2046:TCP:*:Enabled 



tested on Windows XP
March 27, 2006

MegaSecurity